Property Casualty

Now Debuting: The Grinch Who Stole Your App Credentials

Nick Maletta
Nick Maletta
Client Executive, Property Casualty

‘Tis the season for holiday shopping! I know, that line is incredibly cliché, and between now and when the holidays are over, you’ll likely hear it again and again in stores, on advertisements, and through the media. But it’s true. With Black Friday and Cyber Monday right around the corner, stores decked out for the holidays, and online deals beginning to pop up everywhere you look, that “cliché” is right on. This year, though, just like in years past, shopping should come with a warning label. And if you think you know the pattern of thieves and what they can do to “bah humbug” your holidays, you may be in for a surprise.

I recently read a New York Times article titled “Beware, iPhone Users: Fake Retail Apps are Surging Before the Holidays.” You read that right…FAKE retail apps. Are you a bit nervous now? I was when I read the article. I mean, really … a quick tap on my phone to my favorite store’s app for that “gotta have” deal makes shopping so easy. Now, as the Holmes Murphy Cyber Liability Practice Leader, I’ve always known the dangers of cyber criminals. So while this newest trend isn’t “surprising,” it does cause me to pause a bit longer than I normally would before heading to an app’s checkout.

The New York Times article says there are hundreds of fake retail and product apps that have popped up in the Apple® App Store in recent weeks — just in time to deceive holiday shoppers. The article goes on to say that counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior, and Salvatore Ferragamo. That’s just the tip of the iceberg.

These fake apps or websites are used to gather information on you or your clients — both personally and financially. Think about it … you can’t buy anything without entering credit card details and personal information. The criminals can then use that information for financial gain right away or socially engineer fake identities to further their criminal efforts later. Boom. It’s like winning the lottery for the thieves. So what should you do? I have some advice for consumers and companies.


As a consumer:

  • Be vigilant during the holiday season (and anytime, really). Don’t just trust an application on your phone or a store’s website because there’s a good deal going on. Remember the old saying, “If it sounds too good to be true, it probably is.”
  • Be mindful of the shopping you do online. The more you do, the wider a net you cast with your information.


For companies:

  • Monitor your own online or retail presence. It sounds silly…but Google your company name to make sure your site is the one that comes up. This will not only boost your SEO, but it may help in finding fraudulent sites.
  • Similar to above, if you’re going to offer multiple portals (or apps) for your clients to access your products, that’s great! But know the risks. The wider you cast that net, the more chances someone will come after you to gather information you may have.
  • Know how the system works, where the data is, who as access to it, and how it’s secured. Identifying this exposure prior to the holidays is key.
  • Don’t always rely on the third parties that you believe have your best interest in mind. They likely have limited their liability in the event something occurs. Know where your liability is with your vendors.
  • Have a breach response plan. Addressing the consumers who’ve been affected and the media will be key in the event of a breach, especially if it occurs during the holidays. So make sure your plan is in place prior to the holidays. As my dad always says, “Expect the best; prepare for the worst.”
  • Protect your balance sheet with insurance. Many see insurance as a necessary evil; however, cyber insurance can be a true financial product that can protect the very livelihood your company has created. You should review your current insurance programs and the coverages in place.

For consumers and companies, alike, the key is to not let your guard down. If you’re alert to how cyber criminals think and work, there’s a much better likelihood your holidays will go off without a hitch.

Explore more from Holmes Murphy